Moocs Report: (Topic - Cyber Security)
Moocs Report: (Topic - Cyber Security)
Moocs Report: (Topic - Cyber Security)
SUBMITTED TO – SUBMITTED BY -
Mrs Sonali Gupta Akash Narendra Prasad
(Asst prof) Btech Cse Student id - 200111162
Cse Dept Roll no. 2018124
Sec – M
Class roll – 06
Sem - 4
ACKNOWLEDGMENT
Cyber security is the protection of internet-connected systems such as hardware, software and
data from cyber threats. The practice is used by individuals and enterprises to protect against
unauthorized access to data centers and other computerized systems.
A strong cyber security strategy can provide a good security posture against malicious
attacks designed to access, alter, delete, destroy or extort an organization's or user's systems
and sensitive data. Cyber security is also instrumental in preventing attacks that aim to
disable or disrupt a system's or device's operations.
The cyber security field can be broken down into several different sections, the coordination
of which within the organization is crucial to the success of a cyber security program. These
sections include the following
Network security
Operational security
Cloud security
Physical security
End-user education
Maintaining cyber security in a constantly evolving threat landscape is a challenge for all
organizations. Traditional reactive approaches, in which resources were put toward protecting
systems against the biggest known threats, while lesser known threats were undefended, is no
longer a sufficient tactic. To keep up with changing security , a more proactive and adaptive
approach is necessary. Several key cyber security advisory organizations offer guidance. For
example, the National Institute of Standards and Technology (NIST) recommends adopting
continuous monitoring and real-time assessments as part of a risk assessment framework to
defend against known and unknown threats.
Business continuity.
Improved confidence in the company's reputation and trust for developers, partners,
customers, stakeholders and employees.
Malware is a form of malicious software in which any file or program can be used to
harm a computer user. This includes worms, viruses, Trojans and spyware.
Social engineering is an attack that relies on human interaction to trick users into
breaking security procedures to gain sensitive information that is typically protected.
Phishing is a form of social engineering where fraudulent email or text messages that
resemble those from reputable or known sources are sent. Often random attacks, the
intent of these messages is to steal sensitive data, such as credit card or login
information.
Spear phishing is a type of phishing attack that has an intended target user, organization
or business.
Other common attacks include botnets, drive-by-download attacks, exploit kits, malvertising,
vishing, credential stuffing attacks, cross-site scripting (XSS) attacks, SQL injection attacks,
business email compromise (BEC) and zero-day exploits.
One of the most problematic elements of cyber security is the evolving nature of security
risks. As new technologies emerge, and as technology is used in new or different ways, new
attack avenues are developed. Keeping up with these frequent changes and advances in
attacks, as well as updating practices to protect against them, can be challenging. Issues
include ensuring all elements of cyber security are continually updated to protect against
potential vulnerabilities. This can be especially difficult for smaller organizations without the
staff or in-house resources.
Additionally, organizations can gather a lot of potential data on individuals who use one or
more of their services. With more data being collected, the likelihood of a cybercriminal who
wants to steal personally identifiable information (PII) is another concern. For example, an
organization that stores PII in the cloud may be subject to a ransom ware attack.
Organizations should do what they can to prevent a cloud breach.
Another challenge to cyber security includes a shortage of qualified cyber security personnel.
As the amount of data collected and used by businesses grows, the need for cyber security
staff to analyze, manage and respond to incidents also increases. (ISC)2 estimated the
workplace gap between needed cyber security jobs and security professionals at 3.1 million.
Threat detection. AI platforms can analyze data and recognize known threats, as well as
predict novel threats.
Threat response. AI platforms also create and automatically enact security protections.
Human augmentation. Security pros are often overloaded with alerts and repetitive
tasks. AI can help eliminate alert fatigue by automatically triaging low-risk alarms and
automating big data analysis and other repetitive tasks, freeing humans for more
sophisticated tasks.
Firewalls
Endpoint protection
Antimalware
Intrusion prevention/detection systems (IPS/IDS)
Encryption tools
Vulnerability scanners
Well-known cyber security vendors include Check Point, Cisco, Code42, Crowd Strike, Fire
Eye, Fortinet, IBM, Imperva, KnowBe4, McAfee, Microsoft, Palo Alto Networks, Rapid7,
Splunk, Symantec, Trend Micro and Trustwave.
IT professionals and other computer specialists are needed in security roles, such as:
Chief information security officer (CISO) is the individual who implements the
security program across the organization and oversees the IT security department's
operations.
Chief security office (CSO) is the executive responsible for the physical and/or cyber
security of a company.
Security engineers protect company assets from threats with a focus on quality control
within the IT infrastructure.
Threat hunters are threat analysts who aim to uncover vulnerabilities and attacks and
mitigate them before they compromise a business.
Other cyber security careers include security consultants, data protection officer, cloud
security architects, security operations manager (SOC) managers and analysts, security
investigators, cryptographers and security administrators.
What are the latest cyber threats that individuals and organizations need to
guard against? Here are some of the most recent cyber threats that the U.K.,
U.S., and Australian governments have reported on.
Dridex malware
In December 2019, the U.S. Department of Justice (DoJ) charged the leader of an organized
cyber-criminal group for their part in a global Dridex malware attack. This malicious
campaign affected the public, government, infrastructure and business worldwide.
Dridex is a financial trojan with a range of capabilities. Affecting victims since 2014, it
infects computers though phishing emails or existing malware. Capable of stealing
passwords, banking details and personal data which can be used in fraudulent transactions, it
has caused massive financial losses amounting to hundreds of millions.
In response to the Dridex attacks, the U.K.’s National Cyber Security Centre advises the
public to “ensure devices are patched, anti-virus is turned on and up to date and files are
backed up”.
Romance scams
In February 2020, the FBI warned U.S. citizens to be aware of confidence fraud that
cybercriminals commit using dating sites, chat rooms and apps. Perpetrators take advantage
of people seeking new partners, duping victims into giving away personal data.
The FBI reports that romance cyber threats affected 114 victims in New Mexico in 2019,
with financial losses amounting to $1.6 million.
Emotet malware
End-user protection
So, how do cyber-security measures protect end users and systems? First, cyber-
security relies on cryptographic protocols to encrypt emails, files, and other
critical data. This not only protects information in transit, but also guards
against loss or theft.
How can businesses and individuals guard against cyber threats? Here are our
top cyber safety tips:
1. Update your software and operating system: This means you benefit from
the latest security patches.
2. Use anti-virus software: Security solutions like Kaspersky Total Security
will detect and removes threats. Keep your software updated for the best level
of protection.
3. Use strong passwords :Ensure your passwords are not easily guessable.
4. Do not open email attachments from unknown senders:These could be
infected with malware.
5. Do not click on links in emails from unknown senders or unfamiliar
websites:This is a common way that malware is spread.
6. Avoid using unsecure WiFi networks in public places:Unsecure networks
leave you vulnerable to man-in-the-middle attacks.
Kaspersky Endpoint Security received three AV-TEST awards for the best
performance, protection, and usability for a corporate endpoint security product
in 2021. In all tests Kaspersky Endpoint Security showed outstanding
performance, protection, and usability for businesses.